Privacy Impact Assessment - Intervoice Voice Response Unit (IVVRU)
IVVRU System Overview
This system, also known as TeleTax, provides each taxpayer consistent and reliable information on current-year tax topics and tax refund status, via telephone. Since its initial deployment, Intervoice has been upgraded and enhanced on numerous occasions. The continued improvement of Intervoice has been sparked by the addition of the latest proven Intervoice technology to augment the customer service experience for the taxpayer. The current Intervoice system supports 4416 telephone ports distributed across 16 sites. At 15 sites, across the country, Intervoice systems support touch-tone callers. The Boston TeleTax installation provides 384 ports of advanced Speech Recognition.
System of Records Number(s)
Treasury/IRS 00.001--Correspondence Files (including Stakeholder Relationship
files) and Correspondence Control Files
Treasury/IRS 22.054--Subsidiary Accounting Files
Treasury/IRS 22.061--Individual Return Master File (IRMF)
Treasury/IRS 22.062 Electronic Filing Records
Treasury/IRS 24.013--Combined Account Number File, Taxpayer Services
Treasury/IRS 24.029--Individual Account Number File (IANF)
Treasury/IRS 24.030--CADE Individual Master File (IMF), (Formerly: Individual
Master File (IMF))
Treasury/IRS 24.046--CADE Business Master File (BMF) (Formerly: Business
Master File (BMF))
Treasury/IRS 34.020--IRS Audit Trail Lead Analysis System (ATLAS)
Treasury/IRS 34.037--IRS Audit Trail and Security Records System
Data in the System
1. Describe the information (data elements and fields) available in the system in the following categories:
A. Taxpayer
B. Employee
C. Audit Trail Information (including
employee log-in info)
D. Other (Describe)
A. Sensitive But Unclassified (SBU) taxpayer data in the system includes:
* Taxpayer ID Number
* Tax Period
* Filing Status
* Expected Refund Amount
* Refund/Credit/Rebate Status
B. The system is fully automated and requires no employee interaction for processing taxpayer contacts.
C. System audit data is viewed by the security administrator and is used to identify unauthorized access. This data is gathered by commercial off the shelf (COTS) security auditing capability provided with the operating system. Data gathered by the security audit system include elements such as login ID, login date/ time, logout date/ time, files/ directories accessed, and attempted security violations, such as invalid passwords or logins.
D. System performance data from management information system (MIS) files will be used to measure system and application performance, including availability, reliability, usability, and resource usage. Other data includes messages and information of a general nature (non-taxpayer/employee associated) including IRS Publications, directories of IRS toll-free numbers, IRS hours of operation, frequently asked questions and associated answers, and general system error messages.
2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)
A. The Intervoice VRU currently contains 3 primary interactive applications to assist taxpayers with general inquiries concerning their taxes. The applications are: Refund, Refund Trace, and Tax Topics. All the applications interface with the Customer Communications Interactive Processor (CC IP), an intermediary IRS system, which interfaces with other IRS database systemsvia command codes. These command codes help determine from where data is obtained by the CC IP. For example, the command code “AISDL” uses Integrated Data Retrieval System (IDRS) Taxpayer Identification Files (TIF), the National Account Index (NAI), National Account Profile (NAP), and Corporate Files On Line (CFOL) to obtain data. Data records are retrieved from the CC IP and stored on Intervoice systems in order to process a taxpayer call. This data is only maintained on the system for the duration of the call. The Intervoice VRUs are IRS only systems, and only personnel authorized through Form 5081 have access to them.
B. The Intervoice VRU obtains different data from taxpayers based on the purpose of their call and thus the application with which the taxpayer is interacting. Data elements obtained from taxpayers are:
* Taxpayer ID Number
* Tax Period
* Filing Status
* Expected Refund Amount
* Refund/Credit/Rebate Status
C. The Intervoice VRU does not acquire data from employees.
D. The Intervoice VRU does not acquire data from other federal agencies.
E. The Intervoice VRU does not acquire data from state or local agencies.
F. The Intervoice VRU does not acquire data from other third party sources.
3. Is each data item required for the business purpose of the system? Explain.
Each data element listed above is required to provide the taxpayer an accurate snapshot of their tax records.
4. How will each data item be verified for accuracy, timeliness, and completeness?
Data coming from the taxpayer is validated for format and length (e.g. individual TIN is 9 digits, each digit is character (0-9)).
Data retrieved from IRS sources via the Customer Communications Interactive processor (CC IP) (e.g. taxpayer account data) is first verified by the CC IP for accuracy, timeliness, and completeness. Then it is passed on to the Intervoice VRU for application use.
Data obtained from the CC IP is verified on the Intervoice VRU for format and length. The Intervoice VRU verifies timeliness by establishing unique transaction IDs for the VRU to CC IP data exchange with appropriate transaction timeouts. Data associated with a transaction that times out is discarded.
Data retrieved from the taxpayer is verified for accuracy by comparing it with account data retrieved via the CC IP during the taxpayer authentication/authorization process.
5. Is there another source for the data? Explain how that source is or is not used.
There is no other source of data being used by the Intervoice VRU.
6. Generally, how will data be retrieved by the user?
Data will be retrieved by the user (taxpayer) via the telephone.
7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes. Data is retrievable by using the taxpayer Identification Number (TIN) or SSN.
Access to the Data
8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
Users, as defined for the Intervoice VRU, include individual taxpayers, practitioners, business, and government entities that contact the IRS via established telephone numbers for any number of account and non-account related proposes. Users have access to only their own SBU taxpayer data.
System Administrators (SA) have access to the system as part of their job duties of maintaining and configuring systems. Consequently, an SA will have access to all Intervoice VRU data. Procedures and responsibilities for System Administrators are outlined in IRM 21.2.1.4.22.9.
Vendor Maintenance Staff have access to the system for maintenance purposes of hardware only. Access is directly controlled by System Administration personnel,and vendor will not have access to SBU data at anytime.
Customer Communications Management Information System (CC MIS) Users have indirect access to the MIS data by requesting reports that contain MIS data and summarized information. Access to MIS data is controlled via user id/password identification and authentication methods.
9. How is access to the data by a user determined and by whom?
Users, to access the system via IRS established telephone numbers, must meet basic eligibility requirements and be authenticated by their taxpayer information with none of the following indicators on their account: XX XX XXXXXX XXXXX XXXXX XX XX XXX XXXX XXX XXX XXXXX XXXXX XXXXX XXXXXX XXXX XXX XXXX XXXX XXXXXX XXX XXXX XXXX XXXX XXXXXXXX XX XX XXXXX XXXX XX XX XX XXXX XXXX SA, Vendor Maintenance Staff, and CC MIS Users must complete a form 5081 to access the system. The Manager or Contract Officer’s Technical Representative (COTR), the security coordinator, and the system owner must approve system access and the permission level.
An IRS employee or vendor user’s position and “need-to-know” determines the type of access to the data. Vendors do not have access to SBU data. A user’s access to the data terminates when it is no longer required. Criteria, procedures, controls and responsibilities regarding access are documented in the Intervoice VRU Security Features User’s Guides and Trusted Facility Manuals.
10. Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
Provides:
* MIS data to the CC MIS system
Receives:
* Taxpayer data, including SBU data, from the CC IP system
Shares:
* No data
11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?
Both the CC MIS and CC IP systems are currently undergoing security certification and privacy impact assessment.
12. Will other agencies provide, receive, or share data in any form with this system? No.
Administrative Controls of Data
13. What are the procedures for eliminating the data at the end of the retention period?
Taxpayer data is removed from the VRU when no longer needed to support the taxpayer session. There is no retention period for taxpayer data, with the exception of TIN data used to check for more than three invalid re-entries. TIN data used for invalid re-entry analysis is automatically deleted every XXX.
Data that is retained in MIS and audit logs will remain on the VRU until eliminated by the System Administrator (SA). Using the Log Manager Software, the SA is able to manually eliminate data from the sub-system or have data automatically removed using a specified timeframe for elimination (e.g. data that is 90 days or older).
Currently, this script is run once every 6 months in accordance with IRM 1.15.17 - Records Control Schedule for Information Technology. Since our system is not directly referenced in the IRM, records are maintained according to guidelines set forth for similar “Output Records”, whereby records are deleted/destroyed “when one year old or when no longer needed for operational purposes, whichever is sooner”. For the Intervoice VRU, MIS and audit records are no longer needed after six months and therefore deleted.
14. Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15. No.
15. Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.
The Intervoice VRU tracks the Dialed Number Identification Service (DNIS) and Automated Number Identification (ANI) XX XX XXX XXXX XXXX XXXXX XXXXXX XXXXX XXX XXXXXXX XXXXXXX. The information can establish that a particular taxpayer did contact the IRS by telephone at a particular date and time.
16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
No. The Intervoice VRU will not be used to monitor individuals or groups.
17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain. No.
18. Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
The Intervoice VRU makes no determination and takes no final action. As described in the system purpose, the Intervoice VRU only provides information to taxpayers regarding their tax records. If taxpayers have questions regarding the information provided by the system, they can elect to speak to a Customer Service Representative (CSR) who can provide guidance. When a call is transferred to a CSR, it is no longer interacting with the Intervoice VRU.
19. If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
The Intervoice VRU is not a web-based system.
| 
